Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Certified Information Systems Security Professional (CISSP) Exam Guide
Certified Information Systems Security Professional (CISSP) Exam Guide

Certified Information Systems Security Professional (CISSP) Exam Guide: Become a certified CISSP professional with practical exam-oriented knowledge of all eight domains

Arrow left icon
Profile Icon Ted Jordan Profile Icon Ric Daza Profile Icon Hinne Hettema
Arrow right icon
R$80 R$222.99
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (5 Ratings)
eBook Sep 2024 526 pages 1st Edition
eBook
R$80 R$222.99
Paperback
R$278.99
Subscription
Free Trial
Renews at R$50p/m
Arrow left icon
Profile Icon Ted Jordan Profile Icon Ric Daza Profile Icon Hinne Hettema
Arrow right icon
R$80 R$222.99
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (5 Ratings)
eBook Sep 2024 526 pages 1st Edition
eBook
R$80 R$222.99
Paperback
R$278.99
Subscription
Free Trial
Renews at R$50p/m
eBook
R$80 R$222.99
Paperback
R$278.99
Subscription
Free Trial
Renews at R$50p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Table of content icon View table of contents Preview book icon Preview Book

Certified Information Systems Security Professional (CISSP) Exam Guide

Becoming a CISSP

You have begun the journey to obtain the most prized cybersecurity certification in the world. The Certified Information Systems Security Professional (CISSP) is said to be 10 miles wide and an inch deep. The eight domains of the CISSP cover a vast amount of information. However, despite the previous quote, you still need to understand the underlying concepts. This is because the exam does not just test your memory of concepts but also their application in scenarios to solve problems.

One of the reasons the CISSP is as broad and respected as it is is because it is built and maintained by experts from around the world and diverse industries. These experts (all of whom hold a CISSP certification) gather every three years to review and revise the exam outline during the job task analysis (JTA) portion of the certification’s life cycle. During the JTA process, experts ensure that the knowledge embodied by the outline represents what a cybersecurity practitioner needs to know to perform their job effectively. This chapter will discuss why this is so critical. You’ll review the CISSP exam itself, its structure, and the new CISSP Computerized Adaptive Testing (CAT) version of the exam. You’ll also be provided with the best exam tips and tricks. Finally, you’ll learn what it takes to become a CISSP.

Making the Most Out of This Book – Your Certification and Beyond

This book and its accompanying online resources are designed to be a complete preparation tool for your CISSP Exam.

The book is written in a way that you can apply everything you’ve learned here even after your certification. The online practice resources that come with this book (Figure 1.1) are designed to improve your test-taking skills. They are loaded with timed mock exams, interactive flashcards, and exam tips to help you work on your exam readiness from now till your test day.

Before You Proceed

To learn how to access these resources, head over to Chapter 24, Accessing the Online Practice Resources, at the end of the book.

Figure 1.1: Dashboard interface of the online practice resources

Figure 1.1: Dashboard interface of the online practice resources

Here are some tips on how to make the most out of this book so that you can clear your certification and retain your knowledge beyond your exam:

  1. Read each section thoroughly.
  2. Make ample notes: You can use your favorite online note-taking tool or use a physical notebook. The free online resources also give you access to an online version of this book. Click the BACK TO THE BOOK link from the Dashboard to access the book in Packt Reader. You can highlight specific sections of the book there.
  3. Chapter Review Questions: At the end of this chapter, you’ll find a link to review questions for this chapter. These are designed to test your knowledge of the chapter. Aim to score at least 75% before moving on to the next chapter. You’ll find detailed instructions on how to make the most of these questions at the end of this chapter in the Exam Readiness Drill - Chapter Review Questions section. That way, you’re improving your exam-taking skills after each chapter, rather than at the end.
  4. Flashcards: After you’ve gone through the book and scored 75% more in each of the chapter review questions, start reviewing the online flashcards. They will help you memorize key concepts.
  5. Mock Exams: Solve the mock exams that come with the book till your exam day. If you get some answers wrong, go back to the book and revisit the concepts you’re weak in.
  6. Exam Tips: Review these from time to time to improve your exam readiness even further.

In this section, we will cover the following topics:

  • The need for CISSPs
  • CISSP exam overview
  • CISSP exam structure
  • Exam tips and tricks
  • Information about becoming a CISSP

The Need for CISSPs

One of the challenges facing the cybersecurity profession is satisfying the necessity for qualified cybersecurity practitioners to meet the demand. According to the Bureau of Labor Statistics, the rate of growth for jobs in information security is projected at 37% from 2012-2022 (https://packt.link/FNAup). That’s much faster than the average for all other occupations. The Human Resources (HR) professionals who are on the front lines dealing with this challenge rarely possess the ability to quantify the expertise of a cybersecurity job candidate. Therefore, a respected, unbiased standard is necessary to help potential employers more easily determine qualified candidates from unqualified candidates. Enter ISC2 and their CISSP certification.

The International Information System Security Certification Consortium (ISC2) was established as a non-profit organization in 1989. Five years later, ISC2 launched its first certification, the CISSP, in 1994. At the time, the cybersecurity market was in desperate need of a baseline of cybersecurity knowledge to aid both the industry in standardizing the profession and those seeking to hire cybersecurity professionals. Since its founding, ISC2, through the CISSP and its other eight certifications, has established and maintained that standard.

In 2005, the United States Department of Defense (DoD) created the 8570 directive to assess and manage its cybersecurity workforce. The CISSP provides independent verification of a reliable baseline of knowledge and experience in cybersecurity of a practitioner. The CISSP tells the world that you know something about cybersecurity—not just something, but the right something about cybersecurity, as determined by industry experts who hold a CISSP certification. As per the 8570 directive and its current successor, the 8140 directive, many job roles in cybersecurity within the DoD require a CISSP certification to qualify.

In addition to helping HR professionals validate a baseline level of knowledge, the CISSP certification also validates experience. The CISSP certification requires not just a passing score but a minimum of five years of experience. ISC2 verifies this requisite experience before conferring the certification on any candidate who has achieved a passing score on the exam. You will learn more about this experience requirement in the Information about Becoming a CISSP section. This additional benefit of experience verification is of great value to employers.

The CISSP certification also comes with a 40-hour annual Continuing Professional Education (CPE) requirement to maintain the currency of your CISSP certification. See https://packt.link/6EFMh for more information. While ISC2 is a non-profit organization, they don’t just track your CPE and maintain your currency for free; there is an annual maintenance fee of 125 USD per year. The bright side is that if you choose to pursue any of the other eight ISC2 certifications, you will pay only 85 USD per year, unlike other cybersecurity certification organizations.

CISSP Exam Overview

The CISSP exam outline is the most important tool when preparing for the certification. It is no exaggeration to say it is the roadmap of the test. This section will explain why it is so important to know it well. First and foremost, it is what ISC2 uses to build the test questions. The certification industry (organizations such as ISC2, ISACA, SANS, and CompTIA) calls exam questions items. The process of building test questions is called item writing, which for the CISSP exam and ISC2 is done by volunteer CISSPs in an item writing workshop.

If you search the web for item writing, you’ll find many first-hand accounts from volunteers about their experiences of participating in an item writing workshop. There are some excellent ones on ISC2 where volunteers share their workshop experiences and details about the item writing process: https://packt.link/SvggM. ISC2 works very hard to protect the confidentiality and efficacy of their item bank (their database of exam questions). So, don’t waste your time trying to find or use brain-dumps or allegedly real questions (most likely fake).

Your study time is much better spent understanding the material covered in the exam outline and how ISC2 uses it to build items. The exam outline is the product of another kind of volunteer workshop, known as a JTA. In this workshop, the volunteer CISSPs review the current outline and update it to more accurately reflect the knowledge and skills a CISSP should have today and over the next three-year cycle. Once this crucial step is complete, the existing items in the bank must be mapped to the new outline. This is also done by volunteer CISSPs in a workshop called an item mapping workshop.

The item mapping process is important for two reasons. First, categorizing items into the appropriate part of the outline is necessary to build every test with an exact balance of items from the appropriate part of the outline, as determined by the JTA. The weighting of the outline will be discussed in detail later. Second, item mapping is necessary to determine where and how big the holes are in the item bank. These holes are then assigned to subsequent item writing workshops to be filled with new items based on the new exam outline. See https://packt.link/IqXal to view the outline.

This aspect will be of particular interest to you as you prepare for the CISSP exam. Each item must map to a specific topic in the exam outline. No surprise items on topics not covered by the exam outline are allowed. So, the exam items are fixed by the exam outline—this is an unbreakable rule. That being said, the outline is divided into eight domains or areas of knowledge, which you will soon see can be quite broad.

Domains

A domain is a broad collection of related information. In this section, you will become more familiar with the exam outline. The top level of the outline represents the eight domains. The second level represents the subject areas within the domain that CISSP candidates need to be familiar with related to that domain. Many second-level subject areas have a third level to further clarify the knowledge that is to be tested in the exam at the level above it. Any concept under the umbrella of a domain is fair game as a potential exam item.

It is no coincidence that this book is laid out exactly like the CISSP exam’s outline, as that is the information you need to know. Each domain in the exam outline will be covered by one or more chapters in this book. The goal is to introduce and explain each concept in the exam outline. Not only do you need to memorize this, but you also need to understand it as the exam tests your ability to correctly apply concepts to solve situations. It is not possible to capture every bit of potential information contained within a domain. This book will at least introduce every concept in the outline and delve deeper into those areas that are understood to have a high probability of showing up on your test.

CISSP CAT Examination Weightage

As mentioned earlier, each domain in the exam outline has a weight assigned. This means the Pearson VUE testing software must build your test with the exact percentage weights that are prescribed in the exam outline. So, if your test has 100 scored items, 16% or 16 items will be about concepts in Domain 1, Security and Risk Management.

While all ISC2 exam outlines provide domain-level weights, the CISSP exam outline provides weights for both linear testing and CAT. See https://packt.link/UCB05 for more information. The following table shows the domain level (the top level) of the exam outline, along with its corresponding weights:

Domain

Weight

1. Security and Risk Management

16%

2. Asset Security

10%

3. Security Architecture and Engineering

13%

4. Communication and Network Security

13%

5. Identity and Access Management (IAM)

13%

6. Security Assessment and Testing

12%

7. Security Operations

13%

8. Software Development Security

10%

Table 1.1: CISSP CAT examination weights

The weights are the same for both versions (linear testing and CAT) of the test. ISC2 publishes item weight information for both linear testing and CAT in case you plan on taking a non-English version of the CISSP exam. All ISC2 exams besides the English CISSP exam are linear. See https://packt.link/oNM7u for the other languages available. While the domain weights are fairly evenly balanced, they do have a little difference among them. This may help you budget your time and help you decide where you want to focus your study efforts. This information, combined with the pre-assessment test in the next chapter, can provide insights into where and how to focus your time.

CISSP CAT Examination Information

In 2017, ISC2 began using CAT for all English CISSP exams worldwide. This version of the test covers the same material from the exam outline as the traditional test (linear testing). According to ISC2, “CISSP CAT is a more precise and efficient evaluation of your competency” (https://packt.link/TxPI2). Translation—it is a little less painful. If you know the material, the CAT exam can determine that in fewer items. You go from the linear test, which is 6 hours long and contains 250 items, to a 3-hour test with potentially as few as 100 items in the CAT exam.

Overall, the CAT exam is much nicer than the linear version. That being said, there are a few things about the CAT exam you should know so that you are not surprised. First, the CAT scoring algorithm is much more efficient. This means that you never really know when the test is going to end.

You know the absolute minimum (100 items) and the absolute maximum (3 hours), although it is unlikely that you will finish at either of those two extremes. The test ends as soon as the algorithm is confident you either know your stuff or you don’t. If you don’t know your stuff, the algorithm will not just let you run down the clock while exposing more items to you if it already knows you are not going to pass.

CISSP Exam Structure

The exam is made up of three types of items: multiple-choice questions, innovative questions, and scenario questions. The last two types of questions are legacy, meaning ISC2 will not be making any more questions of that type. The bulk of the questions are multiple-choice, and that is what this book will be focusing on. The other two types have been mentioned because you may see one or two in your exam.

“Innovative questions” is a fancy term for drag and drop. Imagine a graphic with four or five different boxes, where you have to drag the concept or term from one side of the screen to the other to match it up with an appropriate concept. If you know the material in this book, you should have no problem with this type of question. Another rare type of question is scenario questions. These questions have a long introduction scenario, followed by two to five questions based on that scenario.

As mentioned previously, today’s CISSP exam is predominantly made up of multiple-choice questions (MCQs). These questions have a to-the-point question portion (known as the item stem) and they have four options (A, B, C, and D). Only one option is the key or the correct answer; there cannot be more than one correct answer. The other three options are called distractors; they are incorrect answers.

To pass the exam, you need 700 out of 1,000 points. These points are scaled, which means that not all the questions are worth the same. Additionally, 25 questions are worth zero points. These are known as pre-test questions. If a pre-test question performs well, it will be promoted to a scored item in a future exam. Obviously, ISC2 does not indicate which questions are pre-test and which are scored, so try your best on all the questions.

So, what makes one question worth more than another? The more cognitively difficult the question, the more points it is worth. This cognitive difficulty is based on Bloom’s Taxonomy. See https://packt.link/eLxTU for more information on Bloom’s Taxonomy. In short, Bloom explains that there are different levels of understanding regarding concepts, with the most basic being Knowledge and the highest being Evaluation. For the CISSP exam, you only need to learn Knowledge, Application, and Analysis, as shown in the following diagram:

Figure 1.1: Bloom’s Taxonomy

Figure 1.2: Blooms Taxonomy

You can think of a knowledge-level question as pure memorization of a term or a concept you read. Application-level questions can be thought of as a deeper understanding of the underlying concept. Finally, the most challenging of cognitive levels is Analysis. It requires a deep understanding of multiple concepts; in particular, applying multiple concepts to solve a specific problem.

The idea of cognitive difficulty is best made clear with a few examples. Consider a concept from Domain 4, Communication and Network Security; specifically, 4.1:

  • At which layer of the Open System Interconnection (OSI) reference model does the Address Resolution Protocol (ARP) operate?
    1. 2 – Data Link
    2. 3 – Network
    3. 6 – Presentation
    4. 7 – Application

This is an example of a knowledge-level item. You only need to remember from reading or seeing an OSI model graphic that ARP is a layer 2 protocol. You need not know what it does, how it does it, about security issues with ARP, or how to fix them.

  • What is the purpose of the Address Resolution Protocol (ARP)?
  1. To resolve a Fully Qualified Domain Name (FQDN)
  2. To request an Internet Protocol (IP) address for a host
  3. To resolve an Internet Protocol (IP) address to a Media Access Control (MAC) address
  4. To build a loop-free topology in Internet Protocol (IP) networks

This is an example of an application-level item. It requires a deeper understanding of what the ARP does, why it is needed, and where it fits into the OSI and Transmission Control Protocol/Internet Protocol (TCP/IP) models.

  • Which attack leverages the Address Resolution Protocol (ARP)?
  1. Transmission Control Protocol (TCP) spoofing
  2. Distributed Denial of Service (DDoS)
  3. Man-in-the-Middle (MitM)
  4. Dynamic Host Configuration Protocol (DHCP) starvation

This is an example of an analysis-level item. Here, the exam is still just talking about ARP, but each question requires a progressively deeper understanding of the underlying ARP concept. For this item, you must understand what ARP is, how ARP works, and the cybersecurity attacks that use it. Notice that all the items are single sentences. Note that there is no correlation between the length of a question’s portion (item stem) and its cognitive difficulty.

Information About Becoming a CISSP

What does it take to become a CISSP? Two things. First, you must demonstrate mastery of the knowledge encompassed in the CISSP exam outline, which this book and your diligent efforts will help you with. Second, you must meet the CISSP experience requirement. See https://packt.link/OkYeS for more details. Upon passing the exam, you must furnish ISC2 with proof of at least five years of cumulative paid work experience in at least two of the eight domains in the CISSP exam outline.

ISC2 is very specific regarding how much experience it takes to satisfy this requirement. By five years, they mean throughout your career, including full-time (35+ hours/week), part-time (20–34 hours/week), and internships. One year of experience equals 2,080 hours. So, a total of 10,400 hours is required.

At the time you pass the exam, you are not a full CISSP yet. A four-year college degree or a certification from an ISC2-approved list will satisfy one year of experience. If you do not currently meet the experience requirement yet, don’t worry—you will be designated as an Associate CISSP and will be given six years to meet the job experience requirement.

Exam Tips and Tricks

This section will present some tried and tested exam tips and tricks to help you study for the CISSP exam, as well as some tips on how to approach the questions. First, consider the ISC2 website. There is a wealth of resources there, two of which you should be familiar with. The first is the ISC2 Community (https://packt.link/OT5sN), where you can explore the community you are trying to join. Be sure to check out the CISSP study group at https://packt.link/mEwXi.

The second resource is the ISC2 official acronym list, which is made available to you during the exam. However, you can preview it here: https://packt.link/AZxpN. Every acronym used anywhere in an ISC2 item bank is made public here. The item bank is a sneak peek into the concepts the items cover. Note that this covers all the acronyms for all nine of the tests that ISC2 offers (CISSP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, SSCP, CCSP, CAP, CSSLP, and HCISPP); they are not broken down by certification.

The goal of ISC2 is to ensure that exam candidates have a true command of the exam’s material, thus avoiding on-paper CISSPs. These are people who have their certification, but once they are in a professional setting, they do not understand the CISSP Common Body of Knowledge (CBK), which would threaten ISC2 and its CISSP certification’s hard-fought reputation as the best in cybersecurity. To that end, this section will discuss your study strategy. Unlike other tests you may have taken in the past, the CISSP exam will require more than just memorization to pass. It is important to keep this in mind. With each concept you are exposed to as you prepare, ask yourself: Why is this important? How does it work? What other concepts does it relate to?

A good example of the axiom understand, don’t memorize is aptly illustrated concerning security frameworks such as ISO 27001, NIST 800-53, and COBIT. While it is important to be familiar with these and other fundamental documents, these three frameworks all cover the same concepts—it is just that they are published by three different organizations: ISO, NIST, and ISACA, respectively. You do not want to spend your precious study time memorizing which framework says what or how it says it. Rather, focus your efforts on understanding the concepts contained within, why they are important, and who tends to use one framework over another and why.

Moving on to the test itself, take a look at some strategies to use during the test. Remember that the bulk of the exam questions will be in multiple-choice format, that is, the format where the question portion of the item is known as the item stem, and the four potential answers are known as options. Each part of these items is discussed next. First, keep in mind that the length of the item stem can mislead you into a false sense of security.

As mentioned earlier in this chapter, the length of the item stem is not representative of its underlying complexity. So, be sure you understand the nuance of what is being asked. It can be easy to quickly read a question, especially one with a short item stem, and assume you know what they are asking. The best way to avoid this pitfall is to read the question slowly and carefully. Your eyes can play tricks on you when you speed read. Missing or misreading just one word can change its meaning. Anxious test-takers tend to rush, afraid they will run out of time. If you know the material, then there will be plenty of time.

Now, take a look at the options portion of an item. Remember that there are only four options (A, B, C, and D). Only one of those options is the correct answer or the key. The other three options are aptly named distractors. ISC2 does not set out to trick you but to test how well you know the material. Sometimes, the difference between one answer option and another is one word or the sequence of a list. So, the wrong answer will look right to someone who only slightly knows the concept being tested. That is the mark of a good distractor: not to trick someone who understands the concept but to distinguish between the ones who do and do not know the concept well.

Sometimes, you can know the material too well. This can happen in a couple of ways. One way is that you work or have worked in the domain that is being tested so you have real-world experience. This can cause you to overthink the question. Keep in mind that every item on the CISSP exam must be backed up with a valid reference. Exam items are never based solely on an item writer’s personal experience unless their personal experience is common practice. It would be unfair to expect any CISSP candidate to have knowledge that is not publicly available, such as from non-proprietary sources such as books, journals, and websites.

If you find yourself facing an item where, after reading the stem, you cannot find the right answer among the options, here are a few tips. First, look for the best answer from the given choices. Next, all else being equal, choose your answer while wearing your manager hat and not as a technical person. Remember that the CISSP is meant to be broad, not deep—a perspective prized among managers. Finally, if those two tips do not illuminate the best choice, try to understand the differences among and between all the options given. If all else fails, guess. In the CAT version of the CISSP exam, you cannot mark questions or go back to a question later, so never leave a question unanswered.

Summary

In this chapter, we discussed the CISSP certification and why it is so valuable in the cybersecurity industry. You also learned how it is built and maintained by CISSP-certified experts from around the world. You were introduced to the all-important CISSP exam outline provided by ISC2 and the foundation of how this book is organized and dug deeper into the CISSP exam’s structure. You got some exam tips and tricks and learned about the experience requirements to fully become a CISSP.

The next chapter will give you a pre-assessment test to help you gauge your strengths and weaknesses in the exam outline.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Explore up-to-date content meticulously aligned with the latest CISSP exam objectives
  • Understand the value of governance, risk management, and compliance
  • Assess your exam readiness with practice questions that match exam-level difficulty

Description

The (ISC)2 CISSP exam evaluates the competencies required to secure organizations, corporations, military sites, and government entities. The comprehensive CISSP certification guide offers up-to-date coverage of the latest exam syllabus, ensuring you can approach the exam with confidence, fully equipped to succeed. Complete with interactive flashcards, invaluable exam tips, and self-assessment questions, this book helps you build and test your knowledge of all eight CISSP domains. Detailed answers and explanations for all questions will enable you to gauge your current skill level and strengthen weak areas. This guide systematically takes you through all the information you need to not only pass the CISSP exam, but also excel in your role as a security professional. Starting with the big picture of what it takes to secure the organization through asset and risk management, it delves into the specifics of securing networks and identities. Later chapters address critical aspects of vendor security, physical security, and software security. By the end of this book, you'll have mastered everything you need to pass the latest CISSP certification exam and have this valuable desktop reference tool for ongoing security needs.

Who is this book for?

This book is for professionals seeking to obtain the ISC2 CISSP certification. You should have experience in at least two of the following areas: GRC, change management, network administration, systems administration, physical security, database management, or software development. Additionally, a solid understanding of network administration, systems administration, and change management is essential.

What you will learn

  • Get to grips with network communications and routing to secure them best
  • Understand the difference between encryption and hashing
  • Know how and where certificates and digital signatures are used
  • Study detailed incident and change management procedures
  • Manage user identities and authentication principles tested in the exam
  • Familiarize yourself with the CISSP security models covered in the exam
  • Discover key personnel and travel policies to keep your staff secure
  • Discover how to develop secure software from the start

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Sep 20, 2024
Length: 526 pages
Edition : 1st
Language : English
ISBN-13 : 9781800561786
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning

Product Details

Publication date : Sep 20, 2024
Length: 526 pages
Edition : 1st
Language : English
ISBN-13 : 9781800561786
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
R$50 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
R$500 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just R$25 each
Feature tick icon Exclusive print discounts
R$800 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just R$25 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total R$ 780.97 864.97 84.00 saved
Resilient Cybersecurity
R$194.99 R$278.99
Certified Information Systems Security Professional (CISSP) Exam Guide
R$278.99
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
R$306.99
Total R$ 780.97 864.97 84.00 saved Stars icon

Table of Contents

27 Chapters
Intro I: Becoming a CISSP Chevron down icon Chevron up icon
Intro II: Pre-Assessment Test Chevron down icon Chevron up icon
Chapter 1: Ethics, Security Concepts, and Governance Principles Chevron down icon Chevron up icon
Chapter 2: Compliance, Regulation, and Investigations Chevron down icon Chevron up icon
Chapter 3: Security Policies and Business Continuity Chevron down icon Chevron up icon
Chapter 4: Risk Management, Threat Modeling, SCRM, and SETA Chevron down icon Chevron up icon
Chapter 5: Asset and Privacy Protection Chevron down icon Chevron up icon
Chapter 6: Information and Asset Handling Chevron down icon Chevron up icon
Chapter 7: Secure Design Principles and Controls Chevron down icon Chevron up icon
Chapter 8: Architecture Vulnerabilities and Cryptography Chevron down icon Chevron up icon
Chapter 9: Facilities and Physical Security Chevron down icon Chevron up icon
Chapter 10: Network Architecture Security Chevron down icon Chevron up icon
Chapter 11: Securing Communication Channels Chevron down icon Chevron up icon
Chapter 12: Identity, Access Management, and Federation Chevron down icon Chevron up icon
Chapter 13: Identity Management Implementation Chevron down icon Chevron up icon
Chapter 14: Designing and Conducting Security Assessments Chevron down icon Chevron up icon
Chapter 15: Designing and Conducting Security Testing Chevron down icon Chevron up icon
Chapter 16: Planning for Security Operations Chevron down icon Chevron up icon
Chapter 17: Security Operations Chevron down icon Chevron up icon
Chapter 18: Disaster Recovery Chevron down icon Chevron up icon
Chapter 19: Business Continuity, Personnel, and Physical Security Chevron down icon Chevron up icon
Chapter 20: Software Development Life Cycle Security Chevron down icon Chevron up icon
Chapter 21: Software Development Security Controls Chevron down icon Chevron up icon
Chapter 22: Securing Software Development Chevron down icon Chevron up icon
Chapter 23: Secure Coding Guidelines, Third-Party Software, and Databases Chevron down icon Chevron up icon
Chapter 24: Accessing the Online Practice Resources Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(5 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Bill Oct 08, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
If you’re gearing up for the CISSP exam, this book is an essential tool. It thoroughly covers all the domains in a clear and structured way, making complex topics more understandable. The exam-focused approach ensures you’re concentrating on the right areas, and the practical examples help reinforce your knowledge. I especially valued the exam tips and readiness drills at the end of each chapter. This guide will enhance your confidence and readiness for the exam. Highly recommended for anyone pursuing CISSP certification!
Amazon Verified review Amazon
Alex T Oct 06, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I enjoyed going through this book and how comprehensive it is for the CISSP and beyond. With the exam covering so much, the authors provided as much detail as possible for each domain without it being presented too much as a dry study guide. Its two chapters on identity management are particularly valuable.
Amazon Verified review Amazon
Kenneth Dolbow Oct 08, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Having passed the CISSP exam, I can confidently say the Certified Information Systems Security Professional (CISSP) Exam Guide from Packt is a fantastic resource. This book covers the extensive material needed for the exam in a clear, well-organized way, and even taught me a few new things despite already being certified.The online resources are top-notch, offering mock exams, practice questions, flashcards, and exam tips—everything you need to prepare thoroughly. I also love the chapter review questions. Testing yourself after learning is proven to improve retention, and this book excels at reinforcing key concepts.Overall, this guide is a must-have for anyone preparing for the CISSP. Highly recommended!
Amazon Verified review Amazon
Deepak Kuhar Oct 07, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
If you're preparing for the CISSP exam, this book is an invaluable resource. It covers all the domains in a clear and organized manner, making complex concepts easier to grasp. The exam-oriented approach ensures that you're focusing on the right topics, and the practical examples help solidify your understanding. I particularly appreciated the exam tips & tricks and readiness drills after each chapter. This guide will boost your confidence and preparedness for the exam. Highly recommend to anyone aiming for CISSP certification!
Amazon Verified review Amazon
Rengarajan Oct 18, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
As a CISSP certification holder i really enjoyed reading this book. This book covers all the latest concepts of the ISC2 exam for CISSP and explains the concepts in a very concise manner. There is a pre-assessment test before you go to chapter#1 which covers ethics and CIA triage very well, At the end of each chapter there is exam readiness drill which should help the candidate to assess himself well on the topics covered and prepare well for this tough exam, i highly recommend this book for any cissp aspirants.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.